1126546 matches found

AlmaLinux
added 2026/06/01 12:0 a.m. | 12 views

Important: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

CVSS 8.8 | AI score 5.9 | EPSS 0.00123
Exploits: 1 | References: 10

AlmaLinux
added 2026/06/01 12:0 a.m. | 10 views

Important: php:8.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

CVSS 8.8 | AI score 5.9 | EPSS 0.00123
Exploits: 1 | References: 10

CNNVD
added 2026/06/01 12:0 a.m. | 5 views

Kiteworks cross-site scripting vulnerabilities

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripting, which could allow external attackers...

CVSS 8.2 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/01 12:0 a.m. | 9 views

PT-2026-45397

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

CVSS 6.3 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/01 12:0 a.m. | 12 views

PT-2026-45555

Name of the Vulnerable Software and Affected Versions: Kiteworks versions prior to 9.3.0. Description: A reflected Cross-Site Scripting (XSS) issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. Cross-Site Scripting is a flaw where...

CVSS 8.2 | AI score 5.6 | EPSS 0.00037
Exploits: 0 | References: 3

OSV
added 2026/06/01 12:0 a.m. | 5 views

ALSA-2026:22305 Important: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

CVSS 8.8 | AI score 5.9 | EPSS 0.00123
Exploits: 1 | References: 10

Tenable Nessus
added 2026/06/01 12:0 a.m. | 9 views

RockyLinux 9 : php:8.2 (RLSA-2026:22143)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22143 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

CVSS 8.8 | AI score 5.6 | EPSS 0.00123
Exploits: 1 | References: 9

Tenable Nessus
added 2026/06/01 12:0 a.m. | 7 views

RockyLinux 9 : php:8.3 (RLSA-2026:22142)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22142 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

CVSS 8.8 | AI score 5.6 | EPSS 0.00123
Exploits: 1 | References: 9

CNNVD
added 2026/06/01 12:0 a.m. | 7 views

Stormshield Network Security security vulnerabilities

Stormshield Network Security (SNS) is a next-generation UTM (Unified Threat Management) firewall developed by the French company Stormshield. Versions 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5 of Stormshield Network Security contain security vulnerabilities. These vulnerabilities stem from...

CVSS 5.3 | AI score 5.6 | EPSS 0.0004
Exploits: 0 | References: 1

CNNVD
added 2026/06/01 12:0 a.m. | 4 views

WordPress plugin WP Statistics has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.1 | AI score 5.6 | EPSS 0.00036
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/01 12:0 a.m. | 11 views

PT-2026-45437

Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

CVSS 5.4 | AI score 5.9 | EPSS 0.00031
Exploits: 1 | References: 5

Positive Technologies
added 2026/06/01 12:0 a.m. | 12 views

PT-2026-45463

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

CVSS 6.5 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2

CNNVD
added 2026/06/01 12:0 a.m. | 6 views

Kiteworks cross-site scripting vulnerabilities

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting, and it could allow authentication attacker...

CVSS 5.4 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 1

AlmaLinux
added 2026/06/01 12:0 a.m. | 8 views

Important: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

CVSS 8.8 | AI score 5.9 | EPSS 0.00123
Exploits: 1 | References: 10

Packet Storm
added 2026/06/01 12:0 a.m. | 24 views

Lightweight Music Server 3.76.0 Cross Site Scripting

Lightweight Music Server version 3.76.0 suffers from a persistent cross site scripting vulnerability. LMS stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding. An attacker who gets a file...

AI score 5.3
Exploits: 0

Positive Technologies
added 2026/06/01 12:0 a.m. | 11 views

PT-2026-45388

A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | AI score 6.1 | EPSS 0.00033
Exploits: 0 | References: 2

CNNVD
added 2026/06/01 12:0 a.m. | 7 views

Lightweight Music Server Cross-Site Script Vulnerability

Lightweight Music Server is a self-hosted music streaming service developed by Emeric POUPON. Versions of Lightweight Music Server 3.76.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xss attacks, allowing attackers to execute arbitrary...

CVSS 5.4 | AI score 5.9 | EPSS 0.00031
Exploits: 1 | References: 4

CNNVD
added 2026/06/01 12:0 a.m. | 6 views

SourceCodester Pharmacy Sales and Inventory System Code Injection Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a code injection vulnerability. This vulnerability arises from improper...

CVSS 5.1 | AI score 5.7 | EPSS 0.00035
Exploits: 0 | References: 6

CNNVD
added 2026/06/01 12:0 a.m. | 6 views

OTRS security vulnerabilities

OTRS is a service management solution developed by the German company OTRS. Version 7.0.x of OTRS contains security vulnerabilities. These vulnerabilities stem from user-controlled inputs during ticket processing, which could allow authenticated attackers to execute reflective cross-site scriptin...

CVSS 7.1 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/01 12:0 a.m. | 12 views

PT-2026-45554

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name/email/people/number results in cross site scripting. The attack can be initiated remotely. The...

CVSS 5.3 | AI score 4.3 | EPSS 0.00039
Exploits: 0 | References: 6